Jump to content

Computer Reboots when any application gains internet access.


bmwqg
 Share

Recommended Posts

Hello bmwqg and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

Link to post
Share on other sites

Here is the contents of DDS.txt and Attach.txt as requested:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457
Run by Thomas at 12:07:46 on 2013-11-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.2612 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\lxdicoms.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\servicing\TrustedInstaller.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
C:\Windows\Explorer.EXE
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 75.75.75.75 75.75.75.76
TCP: Interfaces\{2C70736C-91AE-4032-AEAD-8F0EB019A83F} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{CA7BD255-8420-42AC-8E30-93AB7CFE4B7A}\F42727 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DEB31C4D-96B5-46CD-899A-E3AD63E55A24} : DHCPNameServer = 75.75.75.75 75.75.75.76
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [lxdimon.exe] "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe"
x64-Run: [lxdiamon] "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-11-9 196376]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2010-8-24 74320]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2010-8-24 13392]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\drivers\AE1200w764.sys [2011-3-29 1254464]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech Webcam C260(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2008-1-17 18816]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-11-10 36680]
S3 MSI_DVD_010507;MSI_DVD_010507;C:\PROGRA~1\MSI\MSIWDev\DVDSYS64_100507.sys [2010-5-10 28984]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\PROGRA~1\MSI\MSIWDev\msibios64_100507.sys [2010-5-10 33592]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;C:\PROGRA~1\MSI\MSIWDev\VGASYS64_100507.sys [2010-5-10 14960]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 139616]
S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;C:\Windows\System32\drivers\OA002Afx.sys [2007-6-8 219544]
S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\System32\drivers\OA002Ufd.sys [2008-6-3 168864]
S3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\System32\drivers\OA002Vid.sys [2008-8-1 306560]
S3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2011-1-17 14440]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-24 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
.
=============== Created Last 30 ================
.
2013-11-11 17:05:33 -------- d-----w- C:\937fcfc046debcaeea44f3a8
2013-11-11 00:22:18 -------- d-----w- C:\FRST
2013-11-10 21:18:37 20480 ----a-w- C:\Windows\svchost.exe
2013-11-10 20:59:12 -------- d-----w- C:\AdwCleaner
2013-11-10 19:23:30 -------- d-----w- C:\Users\Thomas\AppData\Roaming\Malwarebytes
2013-11-10 19:23:21 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-10 19:23:21 -------- d-----w- C:\ProgramData\Malwarebytes
2013-11-10 19:23:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-10 19:23:13 -------- d-----w- C:\Users\Thomas\AppData\Local\Programs
2013-11-10 19:17:51 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
.
==================== Find3M  ====================
.
.
============= FINISH: 12:15:39.30 ===============









.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 12/29/2010 4:54:04 PM
System Uptime: 11/11/2013 12:00:12 PM (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD |  | P45 Platinum (MS-7512)
Processor: Intel® Core2 Duo CPU     E8400  @ 3.00GHz | CPU 1 | 3003/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 293.661 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP267: 1/13/2013 9:52:44 AM - Windows Update
RP268: 1/14/2013 5:20:03 PM - Removed League of Legends
RP269: 1/14/2013 5:57:13 PM - Removed RIFT
RP270: 1/14/2013 6:00:11 PM - Removed XSplit
RP271: 1/14/2013 6:01:01 PM - Removed Vegas Movie Studio HD 11.0
RP272: 1/14/2013 6:01:49 PM - Removed Skype™ 6.0
RP273: 1/14/2013 6:02:51 PM - Removed Skype Click to Call
RP274: 11/11/2013 12:02:43 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 ActiveX
Aimersoft DVD to iPhone Converter(Build 2.4.3.1)
Aimersoft iPhone Video Converter(Build 2.4.3.2)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bonjour
Core Temp version 0.99.8
D3DX10
eReg
EVGA OC Scanner 1.5.0
EVGA Precision 2.0.2
Flight Simulator X
Flight Simulator X Service Pack 1
Foxit Reader
Free Easy Burner V 5.0
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
iTunes
Java 7 Update 6 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 6 (64-bit)
Java 6 Update 22
Java 6 Update 24
Junk Mail filter update
Lexmark 3500-4500 Series
MadOnion.com/3DMark2001 SE
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Flight Simulator X
Microsoft Flight Simulator X: Acceleration
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Monitor Webcam Driver (1.01.02.0804)  
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NVIDIA 3D Vision Controller Driver 306.23
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Design Garage
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Supersonic Sled demo
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenAL
OpenOffice.org 3.3
Pando Media Booster
PeerBlock 1.1 (r518)
PunkBuster Services
QuickTime
Rapture3D 2.3.26 Game
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Steam
The Lost Watch II NV 3D Screensaver 1.0
Tom Clancy's Rainbow Six: Vegas 2
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Ventrilo Client for Windows x64
WD Discovery Software
Western Railway NV 3D Screensaver 2.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
World of Warcraft
Xfire (remove only)
.
==== Event Viewer Messages From Past Week ========
.
11/11/2013 12:07:11 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 15.13.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.8600.0&sig=15.13.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 2.1.8600.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/11/2013 12:07:11 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
11/11/2013 12:07:11 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/11/2013 12:07:11 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/11/2013 12:07:10 PM, Error: Service Control Manager [7003]  - The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.
11/11/2013 12:07:10 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error:  The dependency service does not exist or has been marked for deletion.
11/11/2013 12:07:10 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
11/11/2013 12:04:36 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/11/2013 12:04:36 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
11/11/2013 12:01:26 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/11/2013 12:01:26 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/11/2013 12:01:24 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
11/11/2013 12:01:05 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
11/11/2013 12:01:04 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
11/11/2013 12:01:03 PM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
11/11/2013 12:01:02 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the lxdiCATSCustConnectService service to connect.
11/11/2013 12:01:02 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
11/11/2013 12:01:02 PM, Error: Service Control Manager [7000]  - The lxdiCATSCustConnectService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
11/11/2013 12:00:52 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
11/10/2013 5:07:34 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
11/10/2013 5:07:34 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
11/10/2013 5:05:59 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
11/10/2013 5:04:50 PM, Error: Service Control Manager [7023]  - The Software Protection service terminated with the following error:  The media is write protected.
11/10/2013 5:04:39 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
11/10/2013 5:04:39 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
11/10/2013 5:02:10 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
11/10/2013 5:00:47 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
11/10/2013 4:58:56 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
11/10/2013 4:46:10 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
11/10/2013 4:46:10 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 4:46:10 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 4:45:42 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80240022   Error description: The program can't check for definition updates. 
11/10/2013 4:45:42 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80240022   Error description: The program can't check for definition updates. 
11/10/2013 4:45:42 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 4:45:42 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 4:35:45 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
11/10/2013 4:19:09 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
11/10/2013 4:17:55 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
11/10/2013 4:07:25 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
11/10/2013 4:07:25 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 4:07:25 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 4:07:13 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
11/10/2013 4:02:45 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
11/10/2013 4:02:45 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 4:02:45 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 4:02:42 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
11/10/2013 3:59:14 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
11/10/2013 3:58:34 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
11/10/2013 3:57:56 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
11/10/2013 3:57:38 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
11/10/2013 3:57:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/10/2013 3:57:33 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/10/2013 3:57:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/10/2013 3:57:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/10/2013 3:57:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/10/2013 3:57:21 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/10/2013 3:57:15 PM, Error: Service Control Manager [7001]  - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
11/10/2013 3:57:15 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 3:57:15 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 3:57:14 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
11/10/2013 3:57:14 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
11/10/2013 3:57:14 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
11/10/2013 3:57:14 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
11/10/2013 3:57:14 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/10/2013 3:57:14 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 
11/10/2013 3:57:14 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/10/2013 3:57:13 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/10/2013 3:57:13 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
11/10/2013 3:57:13 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
11/10/2013 3:57:13 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/10/2013 3:57:13 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
11/10/2013 3:57:13 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
11/10/2013 3:50:34 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
11/10/2013 3:49:25 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
11/10/2013 3:03:07 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 
11/10/2013 3:03:07 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 3:03:07 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 2:53:03 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 2:53:03 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 2:53:01 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 
11/10/2013 2:33:09 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 
11/10/2013 2:33:09 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 2:33:09 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 2:20:01 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 
11/10/2013 2:20:01 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 2:20:01 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 2:14:50 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
11/10/2013 2:14:50 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 2:14:50 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.141.3887.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9002.0&avdelta=1.141.3887.0&asdelta=1.141.3887.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9002.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
11/10/2013 2:14:41 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
.
==== End Of File ===========================
 
Link to post
Share on other sites

Step 1

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Step 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system.  You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Link to post
Share on other sites

I ran the tool, however I did not see an Addition.txt file. Here is the FRST.txt requested:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by Thomas (administrator) on THOMAS-PC on 12-11-2013 16:37:12
Running from E:\cleanup
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\system32\lxdicoms.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) \\.\globalroot\systemroot\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
() C:\Program Files\Core Temp\Core Temp.exe
() C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
() C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [lxdimon.exe] - C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe [434856 2009-04-27] ()
HKLM\...\Run: [lxdiamon] - C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe [25256 2009-04-27] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [MRT] - C:\Windows\System32\MRT.exe [80541720 2013-09-26] (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5D7D82AA41F0CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: HKLM-x32 {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.75.76
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Thomas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
 
==================== Services (Whitelisted) =================
 
R2 lxdi_device; C:\Windows\system32\lxdicoms.exe [876976 2007-06-11] ( )
R2 lxdi_device; C:\Windows\SysWow64\lxdicoms.exe [517040 2007-06-11] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-07-24] ()
S3 xsherlock; C:\Windows\SysWow64\xsherlock.xem [666720 2012-10-14] (Wellbia.com Co., Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-29] (Broadcom Corporation)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-11-10] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 MSI_DVD_010507; C:\PROGRA~1\MSI\MSIWDev\DVDSYS64_100507.sys [28984 2010-05-10] (Your Corporation)
S3 MSI_MSIBIOS_010507; C:\PROGRA~1\MSI\MSIWDev\msibios64_100507.sys [33592 2010-05-10] (Your Corporation)
S3 MSI_VGASYS_010507; C:\PROGRA~1\MSI\MSIWDev\VGASYS64_100507.sys [14960 2010-05-10] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 RTCore64; C:\Program Files (x86)\EVGA Precision\RTCore64.sys [14440 2011-01-17] ()
R3 ALSysIO; \??\C:\Users\Thomas\AppData\Local\Temp\ALSysIO64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S1 fprlblfs; \??\C:\Windows\system32\drivers\fprlblfs.sys [x]
S1 lmohypil; \??\C:\Windows\system32\drivers\lmohypil.sys [x]
S3 NVIDIAHWAccess; \??\C:\Users\Thomas\AppData\Roaming\NVIDIA\HWAccess.sys [x]
S3 X6va006; \??\C:\Users\Thomas\AppData\Local\Temp\0064245.tmp [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-11 12:28 - 2013-11-11 12:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-11 12:28 - 2013-11-11 12:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-11 12:27 - 2013-09-22 10:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-11 12:27 - 2013-09-22 10:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-11 12:27 - 2013-09-22 09:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-11 12:27 - 2013-09-22 09:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-11 12:27 - 2013-09-22 09:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-11 12:27 - 2013-09-22 09:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-11 12:27 - 2013-09-22 09:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-11 12:27 - 2013-09-22 09:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-11 12:27 - 2013-09-22 09:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-11 12:27 - 2013-09-22 09:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-11 12:27 - 2013-09-22 09:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-11 12:27 - 2013-09-22 09:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-11 12:27 - 2013-09-22 09:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-11 12:27 - 2013-09-22 09:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-11 12:27 - 2013-09-22 09:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-11 12:27 - 2013-09-22 09:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-11 12:27 - 2013-09-22 05:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-11 12:27 - 2013-09-22 05:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-11 12:27 - 2013-09-22 05:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-11 12:27 - 2013-09-22 05:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-11 12:27 - 2013-09-22 05:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-11 12:27 - 2013-09-22 05:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-11 12:27 - 2013-09-22 05:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-11 12:27 - 2013-09-22 05:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-11 12:27 - 2013-09-22 05:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-11 12:27 - 2013-09-22 05:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-11 12:27 - 2013-09-22 05:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-11 12:27 - 2013-09-22 05:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-11 12:27 - 2013-09-22 05:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-11 12:27 - 2013-09-22 05:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-11 12:27 - 2013-09-22 05:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-11 12:27 - 2013-09-22 04:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-11 12:17 - 2013-11-11 12:17 - 00000000 ____D C:\Windows\system32\MRT
2013-11-11 11:59 - 2013-11-11 11:59 - 00003304 ____N C:\bootsqm.dat
2013-11-10 19:22 - 2013-11-10 19:22 - 00000000 ____D C:\FRST
2013-11-10 17:07 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-11-10 17:07 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-11-10 17:07 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-11-10 17:07 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-11-10 17:06 - 2013-04-26 00:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-11-10 17:06 - 2013-04-25 23:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-11-10 17:04 - 2013-05-10 00:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-11-10 17:04 - 2013-05-09 22:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-11-10 17:03 - 2013-05-13 00:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-10 17:03 - 2013-05-13 00:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-11-10 17:03 - 2013-05-13 00:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-11-10 17:03 - 2013-05-13 00:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-11-10 17:03 - 2013-05-12 23:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-10 17:03 - 2013-05-12 23:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-11-10 17:03 - 2013-05-12 23:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-11-10 17:03 - 2013-05-12 22:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-11-10 17:03 - 2013-05-12 22:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-11-10 17:03 - 2013-05-12 22:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-11-10 17:02 - 2013-08-01 07:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-10 17:02 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-11-10 17:02 - 2013-04-10 01:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-11-10 17:02 - 2013-01-03 01:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-11-10 17:02 - 2011-02-03 06:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-11-10 16:18 - 2009-07-13 20:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\svchost.exe
2013-11-10 15:59 - 2013-11-10 16:00 - 00000000 ____D C:\AdwCleaner
2013-11-10 14:23 - 2013-11-10 14:23 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-10 14:23 - 2013-11-10 14:23 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Malwarebytes
2013-11-10 14:23 - 2013-11-10 14:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-10 14:23 - 2013-11-10 14:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-10 14:23 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-10 14:17 - 2013-11-10 14:23 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
 
==================== One Month Modified Files and Folders =======
 
2013-11-12 16:36 - 2011-01-16 12:43 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\uTorrent
2013-11-12 16:34 - 2009-07-14 00:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-12 16:34 - 2009-07-13 23:45 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-12 16:34 - 2009-07-13 23:45 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 16:33 - 2011-03-19 15:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-12 16:33 - 2010-12-29 19:44 - 01727911 _____ C:\Windows\WindowsUpdate.log
2013-11-12 16:32 - 2011-03-19 15:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-12 16:27 - 2011-06-02 18:41 - 00035773 _____ C:\Windows\setupact.log
2013-11-12 16:27 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 16:26 - 2011-01-23 13:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-11 12:38 - 2010-12-29 16:54 - 00000000 ___RD C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-11 12:38 - 2010-12-29 16:54 - 00000000 ___RD C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-11 12:35 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-11-11 12:28 - 2013-11-11 12:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-11 12:28 - 2013-11-11 12:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-11 12:27 - 2011-01-27 15:46 - 00773030 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-11 12:17 - 2013-11-11 12:17 - 00000000 ____D C:\Windows\system32\MRT
2013-11-11 12:07 - 2011-01-27 15:46 - 00002155 _____ C:\Windows\epplauncher.mif
2013-11-11 12:06 - 2012-05-24 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-11 12:06 - 2011-01-27 15:45 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-11 12:04 - 2012-10-21 13:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-11 11:59 - 2013-11-11 11:59 - 00003304 ____N C:\bootsqm.dat
2013-11-10 19:22 - 2013-11-10 19:22 - 00000000 ____D C:\FRST
2013-11-10 16:00 - 2013-11-10 15:59 - 00000000 ____D C:\AdwCleaner
2013-11-10 14:23 - 2013-11-10 14:23 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-10 14:23 - 2013-11-10 14:23 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Malwarebytes
2013-11-10 14:23 - 2013-11-10 14:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-10 14:23 - 2013-11-10 14:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-10 14:23 - 2013-11-10 14:17 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
 
Files to move or delete:
====================
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
 
 
Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Thomas\AppData\Local\Temp\Gw2.exe
C:\Users\Thomas\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Thomas\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Thomas\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Thomas\AppData\Local\Temp\nvStInst.exe
C:\Users\Thomas\AppData\Local\Temp\pn4BB0.exe
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe
C:\Users\Thomas\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Thomas\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Thomas\AppData\Local\Temp\Uninstaller-4352.exe
C:\Users\Thomas\AppData\Local\Temp\UnityWebPlayer1141855222447318782.exe
C:\Users\Thomas\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Thomas\AppData\Local\Temp\WDAutoUpdate.exe
C:\Users\Thomas\AppData\Local\Temp\{6384DDF3-D0DD-4797-A682-5F755D3F165B}-GoogleUpdateSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-01-14 00:53
 
==================== End Of Log ============================
Link to post
Share on other sites

One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

Please read:

Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

Please let us know how you would like to proceed.

Link to post
Share on other sites

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the same directory as FRST.exe and save it as fixlist.txt

 

start

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?

S1 fprlblfs; \??\C:\Windows\system32\drivers\fprlblfs.sys [x]

S1 lmohypil; \??\C:\Windows\system32\drivers\lmohypil.sys [x]

C:\Windows\svchost.exe

end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log (Fixlog.txt) please post it to your reply.

Reboot Normally.

Link to post
Share on other sites

Here is the Fixlog.txt as requested: 
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2013 01
Ran by Thomas at 2013-11-13 15:03:35 Run:2
Running from E:\cleanup
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
S1 fprlblfs; \??\C:\Windows\system32\drivers\fprlblfs.sys [x]
S1 lmohypil; \??\C:\Windows\system32\drivers\lmohypil.sys [x]
C:\Windows\svchost.exe
end
*****************
 
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
fprlblfs => Service deleted successfully.
lmohypil => Service deleted successfully.
C:\Windows\svchost.exe => Moved successfully.
 
==== End of Fixlog ====
Link to post
Share on other sites

Please boot into Regular mode.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
Link to post
Share on other sites

Here is the ComboFix as requested. I did disable the Microsoft Security Essentials the way the other post told me to do, however still got an error message.
 

ComboFix 13-11-12.01 - Thomas 11/14/2013  12:24:57.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.2582 [GMT -5:00]
Running from: c:\users\Thomas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\svchost.exe
c:\windows\SysWow64\FlashPlayerApp.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-14 to 2013-11-14  )))))))))))))))))))))))))))))))
.
.
2013-11-14 17:30 . 2013-11-14 17:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-11-14 17:30 . 2013-11-14 17:30 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-11-14 17:30 . 2013-11-14 17:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-13 21:06 . 2013-11-13 21:06 -------- d-----w- c:\users\Thomas\AppData\Local\Diagnostics
2013-11-11 17:28 . 2013-11-11 17:28 -------- d-----w- c:\program files\Microsoft Silverlight
2013-11-11 17:28 . 2013-11-11 17:28 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-11-11 17:17 . 2013-11-11 17:17 -------- d-----w- c:\windows\system32\MRT
2013-11-11 00:22 . 2013-11-11 00:22 -------- d-----w- C:\FRST
2013-11-10 22:07 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-11-10 22:07 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-11-10 22:06 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-11-10 22:06 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-11-10 22:04 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-11-10 22:04 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-11-10 22:02 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-11-10 22:02 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-11-10 22:02 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-11-10 22:02 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-11-10 22:02 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-11-10 20:59 . 2013-11-10 21:00 -------- d-----w- C:\AdwCleaner
2013-11-10 19:23 . 2013-11-10 19:23 -------- d-----w- c:\users\Thomas\AppData\Roaming\Malwarebytes
2013-11-10 19:23 . 2013-11-10 19:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-10 19:23 . 2013-11-10 19:23 -------- d-----w- c:\programdata\Malwarebytes
2013-11-10 19:23 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-10 19:23 . 2013-11-10 19:23 -------- d-----w- c:\users\Thomas\AppData\Local\Programs
2013-11-10 19:17 . 2013-11-10 19:23 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-10 20:50 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-09-26 06:46 . 2010-12-29 22:26 80541720 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdiserv.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE1200w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE1200w764.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C260(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys;c:\windows\SYSNATIVE\drivers\Lycosa.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS64_100507.sys;c:\progra~1\MSI\MSIWDev\DVDSYS64_100507.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios64_100507.sys;c:\progra~1\MSI\MSIWDev\msibios64_100507.sys [x]
R3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS64_100507.sys;c:\progra~1\MSI\MSIWDev\VGASYS64_100507.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Thomas\AppData\Roaming\NVIDIA\HWAccess.sys;c:\users\Thomas\AppData\Roaming\NVIDIA\HWAccess.sys [x]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys;c:\windows\SYSNATIVE\Drivers\OA002Afx.sys [x]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys;c:\windows\SYSNATIVE\DRIVERS\OA002Ufd.sys [x]
R3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys;c:\windows\SYSNATIVE\DRIVERS\OA002Vid.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va006;X6va006;c:\users\Thomas\AppData\Local\Temp\0064245.tmp;c:\users\Thomas\AppData\Local\Temp\0064245.tmp [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem;c:\windows\SYSNATIVE\xsherlock.xem [x]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe;c:\windows\SYSNATIVE\lxdicoms.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 ALSysIO;ALSysIO;c:\users\Thomas\AppData\Local\Temp\ALSysIO64.sys;c:\users\Thomas\AppData\Local\Temp\ALSysIO64.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys;c:\program files (x86)\EVGA Precision\RTCore64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 03:36 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-21 03:04]
.
2013-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-19 20:40]
.
2013-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-19 20:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"lxdimon.exe"="c:\program files (x86)\Lexmark 3500-4500 Series\lxdimon.exe" [2009-04-27 434856]
"lxdiamon"="c:\program files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe" [2009-04-27 25256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
"MRT"="c:\windows\system32\MRT.exe" [2013-09-26 80541720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.75.76
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Thomas\AppData\Local\Temp\0064245.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:cc,4e,e5,9f,28,ae,cd,01
.
[HKEY_USERS\S-1-5-21-868445698-784921038-2614256387-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-868445698-784921038-2614256387-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-868445698-784921038-2614256387-1000\Software\SecuROM\License information*]
"datasecu"=hex:62,91,c4,52,1f,82,d8,85,91,96,1f,d6,ff,f4,e3,a6,09,9c,67,bc,07,
   21,69,e8,d5,57,af,e1,af,f6,57,eb,03,85,53,1d,56,2b,81,f9,0d,4a,5e,e7,5a,e4,\
"rkeysecu"=hex:13,20,3b,dc,10,5a,39,14,08,d0,ff,8f,7b,11,ad,73
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\EVGA Precision\EVGAPrecision.exe
.
**************************************************************************
.
Completion time: 2013-11-14  12:44:06 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-14 17:44
.
Pre-Run: 320,447,266,816 bytes free
Post-Run: 323,976,159,232 bytes free
.
- - End Of File - - 978E834058202561E27C20EA5531BD95
A36C5E4F47E84449FF07ED3517B43A31
Link to post
Share on other sites

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

  • 4 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.